Re: Abuse procedures... Reality Checks

North American Network Operators Group

Re: Abuse procedures... Reality Checks

From: Douglas Otis
Date: Mon Apr 09 18:06:07 2007

On Apr 8, 2007, at 9:03 PM, Paul Vixie wrote:

[email protected] (Douglas Otis) writes:

Good advise. For various reasons, a majority of IP addresses within a CIDR of any size being abusive is likely to cause the CIDR to be blocked. While a majority could be considered as being half right, the existence of the "bad neighborhood" demonstrates a lack of oversight for the entire CIDR, which is also fairly predictive of future abuse.
that sounds like a continuum, but my experience requires more dimensions than you're describing. for example, this weekend two / 24's were hijacked and used for spam spew.

Agreed.

This was expressed recently as well.

http://www.merit.edu/mailinglist/mailarchives/old_archive/msg05351.html

CIDRs should also conform with ASN boundaries and reputation tracks with announcements.

Unfortunately an effort to create a black-hole operator's BCP failed to consider these issues. Many building their own reputation histories will also likely ignore this concern. This means John's advice remains valid, whether fair or not. Adopting transient tracking methods cope with this problem.

-Doug

References:
- Re: Abuse procedures... Reality Checks Douglas Otis
- Re: Abuse procedures... Reality Checks Paul Vixie

Prev by Date: Re: Abuse procedures... Reality Checks
Next by Date: Re: Abuse procedures... Reality Checks
Date Index
Thread Index
Author Index
Historical